C2150-400 - IBM Security QRadar SIEM Implementation v7.2.1


Example Questions

1. Which two search filters are available on the QRadar console when performing an asset search? (Choose two.)
2. What does QRadar use to group events or flows according to the network?
3. Which two file systems does QRadar support for offboard storage partitions? (Choose two.)
4. Which two authentication methods for the QRadar user interface are valid? (Choose two.)
5. You have been asked to forward all event logs from QRadar to another central syslog server with the IP address 172.16.77.133. You also want the events to be processed by the Custom Rules Engine (CRE) but not stored on the system. What allows you to do this?
6. An off-site source can connect to which component?
7. There are unknown log records from unsupported security device events in the Log Activity tab. You are planning to write an LSX (log source extension) for an unsupported security device type based on the Universal DSM (UDSM). What is the file format and payload option for exporting the unknown log records?
8. Which character is used for naming subgroups when using the Add Group option in the Network Hierarchy editor?
9. In which two ways can an administrator view all the events that are related to an offense from the Offense Details screen? (Choose two.)
10. Where do you save the "Login Message File" on the system when setting up a banner message for the authentication page?
11. Which two are valid actions that a user can perform when monitoring offenses? (Choose two.)
12. What should the latency be between the primary and secondary HA hosts?
13. Which two proxy options are required when using a proxy server for auto updates in QRadar? (Choose two.)
14. Which expression imports all XML files in the report directory when the administrator is configuring a Nessus scanner?
15. What is a benefit of enabling indexes on event properties?
16. What is the minimum bandwidth needed between the primary and secondary HA hosts?
17. Which IP address of a NATed server is used to access the server from outside the network?
18. On the QRadar console you have received notification that CVE ID CVE-2010-000 is being actively exploited. Which search parameter should you select from the list of search parameters in this situation?
19. A QRadar administrator needs to tune the system by enabling or disabling the appropriate rules so that the QRadar console generates meaningful offenses for the environment. Which role permission is required for enabling and disabling rules?
20. What is restored when restoring event data or flow data for a particular period to a managed host (MH)?
21. A QRadar SIEM administrator wants to create a flow rule that includes a building block (BB) definition covering applications that indicate communication with file-sharing sites. In which group will the administrator find this building block?
22. A QRadar administrator is sizing a distributed deployment. The deployment has approximately 2 million flows per minute (FPM) and needs at least 7 terabytes of storage. Which architecture is correct?
23. Which two statements are true regarding QRadar log sources and DSMs? (Choose two.)
24. What is the result of adding host definition building blocks to QRadar?
25. A customer has log files from Windows-based systems and wants to push those logs to the QRadar console. Which options should the customer use in WinCollect to collect and forward these logs?
26. A QRadar user wants a report showing the number of bytes per packet seen in their flows and decides to create a custom flow property for this purpose. Which type of custom property is required?
27. Which permission precedence should be applied to the users' security profile, assuming the administrators only want the group to have access to Windows events and flows and not to events from other networks?
28. What should the format of a CSV file be when importing assets on the QRadar console?
29. Which configuration window defines the maximum number of TCP syslog connections?
30. Which line color in the deployment editor signals that encrypted communication has been selected for the managed hosts in a distributed environment?
31. What is used to collect NetFlow and J-Flow traffic in a QRadar distributed deployment?
32. Which two actions can be selected from the license drop-down in the System and License Management screen when working with a new license? (Choose two.)
33. Which command installs the patch after the patch file has been mounted?
34. Which attribute is valid when defining user roles to provide the necessary access?
35. There is a requirement at the customer site to double the default QFlow maximum content capture size. What would the resulting packet size be?
36. A mail server typically communicates with 50 hosts per second in the middle of the night and then suddenly starts communicating with 1,000 hosts per second. The administrator wants an email alert whenever this situation is observed. Which type of rule should the administrator create to monitor this situation?
37. Which option displays the rule that triggered an offense from the Offense Details screen?
38. Which tab in the QRadar web console allows flows to be monitored and investigated?
39. Which option needs to be specified in the syslinux configuration file to reinstall an IBM QRadar appliance via serial port from a USB flash drive?
40. What does the message "Disk sentry: System disk usage back to normal levels." in the System Notification widget on the Dashboard tell you?
41. Which operating system is supported for creating a bootable flash drive for recovery?
42. What is a valid QVM scan status?
43. What does server discovery allow the QRadar administrator to do?
44. You have created an LSX log parser document to process the unknown log events from your unsupported log source. The events now show up with log source type GenericDSM and the correct Log Source Event ID. What is the next step in this process?
45. Which QRadar functionalities provide the ability to collect, understand, and properly categorize events from external sources?
46. Which default flow source is included in QRadar SIEM?
47. How frequently does the automated update process run if configuration files are updated on the primary, Deploy Changes is not performed, and the updates are made on the secondary host through the automated update process?
48. Which NetFlow versions does QRadar SIEM support?
49. Which type of user can view all reports that are created by other users?
50. A customer has a requirement to integrate QRadar with IBM DB2 to capture its events. Which protocol should an administrator use to integrate Log Event Extended Format (LEEF) events when configuring log sources on the QRadar console?
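Several of the questions above (the unknown-record export for an LSX, the GenericDSM events, and the LEEF integration question) turn on being able to read the event payload QRadar receives. The following is an added example, not part of the exam material or IBM's code: a small parser for the Log Event Extended Format (LEEF) 1.0 and 2.0 header that QRadar's DSMs consume. It assumes the published LEEF layout (a `LEEF:version|Vendor|Product|Version|EventID|` header, tab-separated `key=value` attributes in 1.0, and an optional sixth header field in 2.0 naming the attribute delimiter, either as a literal character or as a hex code such as `x09`/`0x09`). The sample events, vendor names and attribute values are constructed for the demonstration and do not come from a real device.

```python
import re

# Constructed sample events (not captured from any real device). The first is a
# LEEF 1.0 event wrapped in a syslog header; the second is a LEEF 2.0 event whose
# header names a custom delimiter in hex form (x5e = '^') and whose last
# attribute value contains a '|' that must survive parsing.
SAMPLE_EVENTS = [
    "<13>Jan 18 11:07:53 192.168.1.1 LEEF:1.0|IBM|DB2|10.5|AUDIT_LOGIN|"
    "src=10.0.0.5\tdst=10.0.0.10\tusrName=dbadmin\tsev=3\tmsg=login ok",
    "LEEF:2.0|Vendor|Product|1.0|12345|x5e|"
    "src=10.0.0.7^dst=10.0.0.10^sev=8^msg=a|b",
]


def _decode_delimiter(field):
    """Decode the LEEF 2.0 delimiter field.

    An empty field means the default tab; a single character is used literally;
    otherwise the field is a hex code of the form x09 / 0x09 (1-4 hex digits).
    """
    if not field:
        return "\t"
    if len(field) == 1:
        return field
    m = re.fullmatch(r"(?:0?x)([0-9A-Fa-f]{1,4})", field)
    if not m:
        raise ValueError("invalid LEEF delimiter field: %r" % field)
    return chr(int(m.group(1), 16))


def parse_leef(line):
    """Parse one syslog line (or bare payload) carrying a LEEF 1.0/2.0 event.

    Returns a dict of header fields plus an 'attrs' dict of key=value pairs.
    Raises ValueError on malformed input so that bad events surface instead of
    being silently mis-parsed (the situation an unknown-record export reveals).
    """
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header in line")
    payload = line[start + len("LEEF:"):]
    version, sep, rest = payload.partition("|")
    if not sep or version not in ("1.0", "2.0"):
        raise ValueError("unsupported LEEF version: %r" % version)

    # Header after the version: Vendor|Product|Version|EventID| and, for 2.0
    # only, Delimiter|. Limit the split so '|' inside attribute values is kept.
    n_header = 5 if version == "2.0" else 4
    parts = rest.split("|", n_header)
    if len(parts) != n_header + 1:
        raise ValueError("truncated LEEF header")
    vendor, product, product_version, event_id = parts[:4]
    delimiter = _decode_delimiter(parts[4]) if version == "2.0" else "\t"

    attrs = {}
    for token in parts[-1].split(delimiter):
        if not token:
            continue
        key, eq, value = token.partition("=")
        if not eq:
            raise ValueError("attribute without '=': %r" % token)
        attrs[key] = value
    return {
        "version": version,
        "vendor": vendor,
        "product": product,
        "product_version": product_version,
        "event_id": event_id,
        "attrs": attrs,
    }


def parse_events(lines):
    """Parse a batch of lines; malformed ones are collected, not fatal."""
    parsed, rejected = [], []
    for line in lines:
        try:
            parsed.append(parse_leef(line))
        except ValueError as exc:
            rejected.append((line, str(exc)))
    return parsed, rejected


if __name__ == "__main__":
    ok, bad = parse_events(SAMPLE_EVENTS + ["<13>Jan 18 11:08:00 host plain text"])
    for ev in ok:
        print(ev["vendor"], ev["product"], ev["event_id"], ev["attrs"])
    for line, reason in bad:
        print("REJECTED:", reason, "::", line)
```

The point of the limited `split("|", n)` and of decoding the 2.0 delimiter field is the same point the unknown-record questions probe: a device that emits a `|` or a non-tab delimiter inside its payload will show up as GenericDSM with mangled fields if the parser assumes the 1.0 layout, so a custom LSX or a LEEF producer needs to respect the header exactly.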